On Tue, 13 Jun 2000, Dan Hollis wrote:
On Tue, 13 Jun 2000, Jon Mansey wrote:
Its like asking UUnet to put a firewall in their core just for you, forget it.
They wont put one on the edges either :) :)
-Dan
It is the same exact thing. The only difference between a fiber/copper bound carrier and someone like InterPacket or TeleGlobe is the media on which the packets are distributed. No flames from the carriers on this one please but, one alternative might be the following: (1)Announce the customers network from only ONE earthstation into the IGP (2)Charge the customer accordingly for carrying the data on your network from the edges to only that one earthstation. (3)Charge the customer for an ethernet port on the core router at the earthstation and a switch. (4)Lay out the earthstation network accordingly: [EARTHSTATION] EDGE<----->CORE ROUTER<----->SWITCH<--->DVB/IP Router<--->Magic RF stuff ^ ^ Customers port---> |--FIREWALL-| Since you're only announcing the customers prefix into IGP via the one earthstation, it should only get into the network via that single earthstation. Ya, sure... It's a royal pain in the butt to do this and if you do it for every customer, you'll end up with 60 customer aggregation routers at each earthstation but, if you make it painfull enough costwise, only those who are _really_ paranoid about it will pursue it. We do something similar within our network for clients who want some special ACL. When we limited the ACLs on the border to BOGONS, networks we announce, and other misc garbage that shouldn't be seen to begin with (if only all the other operators would do the same!) and moved all the anal-retentive ACLs to customer routers, life became much easier! --- John Fraizer EnterZone, Inc